2 /***********************************************************************
4 Copyright (C) 2002-2005 Rickard Andersson (rickard@punbb.org)
6 This file is part of PunBB.
8 PunBB is free software; you can redistribute it and/or modify it
9 under the terms of the GNU General Public License as published
10 by the Free Software Foundation; either version 2 of the License,
11 or (at your option) any later version.
13 PunBB is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 59 Temple Place, Suite 330, Boston,
23 ************************************************************************/
// Tell header.php to use the admin template
define('PUN_ADMIN_CONSOLE', 1);

define('PUN_ROOT', './');
require PUN_ROOT.'include/common.php';
require PUN_ROOT.'include/common_admin.php';

// Access gate for the whole script: any group id above PUN_MOD is refused, and a
// moderator (g_id == PUN_MOD) is refused unless the p_mod_ban_users option is on.
// NOTE(review): every branch below (add/edit/delete/list) relies on message()
// terminating the request; if it merely prints, the gate is bypassed — confirm
// against the message() implementation, which is not visible here.
if ($pun_user['g_id'] > PUN_MOD || ($pun_user['g_id'] == PUN_MOD && $pun_config['p_mod_ban_users'] == '0'))
	message($lang_common['No permission']);
// Add/edit a ban (stage 1)
// NOTE(review): this listing has dropped lines (braces, 'else' keywords, the guard
// conditions in front of several message() calls, the $mode assignments and the
// ?>/<?php switches around the HTML). The layout below follows the visible lines
// only and is not runnable as shown; the gaps are marked where they matter.
if (isset($_REQUEST['add_ban']) || isset($_GET['edit_ban']))
	if (isset($_GET['add_ban']) || isset($_POST['add_ban']))
		// If the id of the user to ban was provided through GET (a link from profile.php)
		if (isset($_GET['add_ban']))
			$add_ban = intval($_GET['add_ban']);
			// NOTE(review): the condition guarding this 'Bad request' is not in the
			// listing; as shown it would fire unconditionally.
			message($lang_common['Bad request']);
			// Id-based lookup. $user_id is inlined into SQL without escaping, which is only
			// safe while it holds the intval()'d value from above — the assigning line is
			// not visible here, confirm.
			$result = $db->query('SELECT group_id, username, email FROM '.$db->prefix.'users WHERE id='.$user_id) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
			if ($db->num_rows($result))
				list($group_id, $ban_user, $ban_email) = $db->fetch_row($result);
			// (the 'else' in front of this message is not in the listing)
			message('No user by that ID registered.');
		else // Otherwise the username is in POST
			$ban_user = trim($_POST['new_ban_user']);
			// Name-based lookup: the user-supplied name goes through $db->escape() before
			// being quoted into the query. 'id>1' skips the lowest id (presumably the guest
			// account — verify). The row's own username/email replace the typed value.
			$result = $db->query('SELECT id, group_id, username, email FROM '.$db->prefix.'users WHERE username=\''.$db->escape($ban_user).'\' AND id>1') or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
			if ($db->num_rows($result))
				list($user_id, $group_id, $ban_user, $ban_email) = $db->fetch_row($result);
			// (the 'else' in front of this message is not in the listing)
			message('No user by that username registered. If you want to add a ban not tied to a specific username just leave the username blank.');

		// Make sure we're not banning an admin
		if (isset($group_id) && $group_id == PUN_ADMIN)
			message('The user '.pun_htmlspecialchars($ban_user).' is an administrator and can\'t be banned. If you want to ban an administrator, you must first demote him/her to moderator or user.');

		// If we have a $user_id, we can try to find the last known IP of that user
		// (the isset($user_id) guard itself is not in the listing; $user_id is an
		// integer from intval() or from the users table, so inlining it is safe)
		$result = $db->query('SELECT poster_ip FROM '.$db->prefix.'posts WHERE poster_id='.$user_id.' ORDER BY posted DESC LIMIT 1') or error('Unable to fetch post info', __FILE__, __LINE__, $db->error());
		$ban_ip = ($db->num_rows($result)) ? $db->result($result) : '';
	else // We are editing a ban
		$ban_id = intval($_GET['edit_ban']);
		// NOTE(review): the range check guarding this 'Bad request' is not in the listing.
		message($lang_common['Bad request']);
		// $ban_id is intval()'d above, so inlining it in SQL is safe.
		$result = $db->query('SELECT username, ip, email, message, expire FROM '.$db->prefix.'bans WHERE id='.$ban_id) or error('Unable to fetch ban info', __FILE__, __LINE__, $db->error());
		if ($db->num_rows($result))
			list($ban_user, $ban_ip, $ban_email, $ban_message, $ban_expire) = $db->fetch_row($result);
		// (the 'else' in front of this message is not in the listing)
		message($lang_common['Bad request']);
		// The stored expiry is a Unix timestamp (or empty); present it as YYYY-MM-DD,
		// the format stage 2 parses back with strtotime().
		$ban_expire = ($ban_expire != '') ? date('Y-m-d', $ban_expire) : '';

	$page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / Admin / Bans';
	$focus_element = array('bans2', 'ban_user');
	require PUN_ROOT.'header.php';

	generate_admin_menu('bans');

	// NOTE(review): in the form below $ban_user and $ban_message are passed through
	// pun_htmlspecialchars(), but $ban_ip, $ban_email and $ban_expire are echoed raw.
	// $ban_expire is date() output, and rows written by stage 2 of this file have
	// $ban_ip reduced to digits/dots/spaces and $ban_email validated, but the 'add'
	// path reads $ban_ip from posts.poster_ip and $ban_email from users.email, which
	// are written elsewhere. Escaping all three at output costs nothing and removes
	// the dependency on those writers.
	// NOTE(review): $mode (hidden field and the 'edit' test below) is never assigned
	// in the visible lines — presumably set to 'add'/'edit' in the dropped lines; confirm.
	<div class="blockform">
		<h2><span>Ban advanced settings</span></h2>
		<form id="bans2" method="post" action="admin_bans.php">
			<input type="hidden" name="mode" value="<?php echo $mode ?>" />
			<?php if ($mode == 'edit'): ?> <input type="hidden" name="ban_id" value="<?php echo $ban_id ?>" />
			<?php endif; ?> <fieldset>
				<legend>Supplement ban with IP and e-mail</legend>
				<div class="infldset">
					<table class="aligntop" cellspacing="0">
						<th scope="row">Username</th>
						<input type="text" name="ban_user" size="25" maxlength="25" value="<?php if (isset($ban_user)) echo pun_htmlspecialchars($ban_user); ?>" tabindex="1" />
						<span>The username to ban.</span>
						<th scope="row">IP-adresses</th>
						<input type="text" name="ban_ip" size="45" maxlength="255" value="<?php if (isset($ban_ip)) echo $ban_ip; ?>" tabindex="2" />
						<span>The IP or IP-ranges you wish to ban (e.g. 150.11.110.1 or 150.11.110). Separate addresses with spaces. If an IP is entered already it is the last known IP of this user in the database.<?php if ($ban_user != '' && isset($user_id)) echo ' Click <a href="admin_users.php?ip_stats='.$user_id.'">here</a> to see IP statistics for this user.' ?></span>
						<th scope="row">E-mail/domain</th>
						<input type="text" name="ban_email" size="40" maxlength="50" value="<?php if (isset($ban_email)) echo strtolower($ban_email); ?>" tabindex="3" />
						<span>The e-mail or e-mail domain you wish to ban (e.g. someone@somewhere.com or somewhere.com). See "Allow banned e-mail addresses" in Options for more info.</span>
					<p class="topspace"><strong class="warntext">You should be very careful when banning an IP-range because of the possibility of multiple users matching the same partial IP.</strong></p>
				<legend>Ban message and expiry</legend>
				<div class="infldset">
					<table class="aligntop" cellspacing="0">
						<th scope="row">Ban message</th>
						<input type="text" name="ban_message" size="50" maxlength="255" value="<?php if (isset($ban_message)) echo pun_htmlspecialchars($ban_message); ?>" tabindex="4" />
						<span>A message that will be displayed to the banned user when he/she visits the forums.</span>
						<th scope="row">Expire date</th>
						<input type="text" name="ban_expire" size="17" maxlength="10" value="<?php if (isset($ban_expire)) echo $ban_expire; ?>" tabindex="5" />
						<span>The date when this ban should be automatically removed (format: YYYY-MM-DD). Leave blank to remove manually.</span>
			<p class="submitend"><input type="submit" name="add_edit_ban" value=" Save " tabindex="6" /></p>
		<div class="clearer"></div>

	require PUN_ROOT.'footer.php';
// Add/edit a ban (stage 2)
// NOTE(review): braces, the 'else' keywords and the '$ban_ip != ''' guard around the
// IP validation are not in this listing; layout below follows the visible lines only.
else if (isset($_POST['add_edit_ban']))
	// confirm_referrer() (presumably a Referer check — not visible here) is the only
	// cross-site request defence on this handler; the stage-1 form carries no
	// per-request token, only the 'mode' and 'ban_id' hidden fields.
	confirm_referrer('admin_bans.php');

	$ban_user = trim($_POST['ban_user']);
	$ban_ip = trim($_POST['ban_ip']);
	$ban_email = strtolower(trim($_POST['ban_email']));
	$ban_message = trim($_POST['ban_message']);
	$ban_expire = trim($_POST['ban_expire']);

	if ($ban_user == '' && $ban_ip == '' && $ban_email == '')
		message('You must enter either a username, an IP address or an e-mail address (at least).');
	else if (strtolower($ban_user) == 'guest')
		message('The guest user cannot be banned.');

	// Validate IP/IP range (it's overkill, I know)
	// Each space-separated entry must be 1-4 dot-separated groups of digits, each <= 255;
	// runs of whitespace are first collapsed to a single space. Because only digits,
	// dots and single spaces survive, the stored value is safe to print without
	// escaping (the edit form and the list page rely on that).
	// NOTE(review): an empty group ('10..1') passes all three tests and is stored as-is,
	// and ltrim() turns an all-zero group such as '000' into an empty string; whether
	// the matcher in the bans cache tolerates that is not visible here.
	$ban_ip = preg_replace('/[\s]{2,}/', ' ', $ban_ip);
	$addresses = explode(' ', $ban_ip);
	$addresses = array_map('trim', $addresses);

	for ($i = 0; $i < count($addresses); ++$i)
		$octets = explode('.', $addresses[$i]);
		for ($c = 0; $c < count($octets); ++$c)
			// Strip leading zeros so '010' and '10' are stored identically
			$octets[$c] = (strlen($octets[$c]) > 1) ? ltrim($octets[$c], "0") : $octets[$c];
			// Rejects a fifth group, any non-digit character, and values above 255
			if ($c > 3 || preg_match('/[^0-9]/', $octets[$c]) || intval($octets[$c]) > 255)
				message('You entered an invalid IP/IP-range.');
		$cur_address = implode('.', $octets);
		$addresses[$i] = $cur_address;
	$ban_ip = implode(' ', $addresses);

	require PUN_ROOT.'include/email.php';
	// Accept either a full address (is_valid_email) or a bare domain. The domain form
	// is limited to lowercase letters, digits and hyphens with a 2-4 letter TLD, so
	// longer TLDs are rejected by this regex.
	if ($ban_email != '' && !is_valid_email($ban_email))
		if (!preg_match('/^[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,4})$/', $ban_email))
			message('The e-mail address (e.g. user@domain.com) or partial e-mail address domain (e.g. domain.com) you entered is invalid.');

	// Expiry: anything but '' / 'Never' is parsed with strtotime() and must lie in the
	// future. strtotime() returns false (not -1) on a parse failure in current PHP; the
	// '<= time()' comparison still rejects that case.
	if ($ban_expire != '' && $ban_expire != 'Never')
		$ban_expire = strtotime($ban_expire);
		if ($ban_expire == -1 || $ban_expire <= time())
			message('You entered an invalid expire date. The format should be YYYY-MM-DD and the date must be at least one day in the future.');
	// (the 'else' in front of this assignment is not in the listing)
	$ban_expire = 'NULL';

	// Quote-and-escape each optional column, or use the SQL NULL literal when blank.
	// From here on these variables hold SQL fragments, not user text.
	$ban_user = ($ban_user != '') ? '\''.$db->escape($ban_user).'\'' : 'NULL';
	$ban_ip = ($ban_ip != '') ? '\''.$db->escape($ban_ip).'\'' : 'NULL';
	$ban_email = ($ban_email != '') ? '\''.$db->escape($ban_email).'\'' : 'NULL';
	$ban_message = ($ban_message != '') ? '\''.$db->escape($ban_message).'\'' : 'NULL';

	// $ban_expire is either the 'NULL' literal or the integer from strtotime(), so it is
	// inlined unquoted. Any mode value other than 'add' takes the UPDATE path; ban_id is
	// intval()'d there, so a forged mode behaves as an edit of that id and nothing more.
	if ($_POST['mode'] == 'add')
		$db->query('INSERT INTO '.$db->prefix.'bans (username, ip, email, message, expire) VALUES('.$ban_user.', '.$ban_ip.', '.$ban_email.', '.$ban_message.', '.$ban_expire.')') or error('Unable to add ban', __FILE__, __LINE__, $db->error());
	// (the 'else' in front of this query is not in the listing)
	$db->query('UPDATE '.$db->prefix.'bans SET username='.$ban_user.', ip='.$ban_ip.', email='.$ban_email.', message='.$ban_message.', expire='.$ban_expire.' WHERE id='.intval($_POST['ban_id'])) or error('Unable to update ban', __FILE__, __LINE__, $db->error());

	// Regenerate the bans cache
	require_once PUN_ROOT.'include/cache.php';
	generate_bans_cache();

	redirect('admin_bans.php', 'Ban '.(($_POST['mode'] == 'edit') ? 'edited' : 'added').'. Redirecting …');
// Remove a ban. This is a state-changing action reached by a plain GET link (the
// 'Remove' link on the list page); confirm_referrer() is its only cross-site request
// defence. NOTE(review): a POST form carrying a per-session token would be the usual
// hardening for this branch.
else if (isset($_GET['del_ban']))
	confirm_referrer('admin_bans.php');

	$ban_id = intval($_GET['del_ban']);
	// NOTE(review): the range check guarding this 'Bad request' is not in the listing.
	message($lang_common['Bad request']);

	// $ban_id is intval()'d above, so inlining it in SQL is safe.
	$db->query('DELETE FROM '.$db->prefix.'bans WHERE id='.$ban_id) or error('Unable to delete ban', __FILE__, __LINE__, $db->error());

	// Regenerate the bans cache
	require_once PUN_ROOT.'include/cache.php';
	generate_bans_cache();

	redirect('admin_bans.php', 'Ban removed. Redirecting …');
// Default view: the 'new ban' form followed by the list of existing bans.
// NOTE(review): the closing brace of the branch above, the 'else' of the num_rows
// test and the ?>/<?php switches around the HTML are not in this listing.
$page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / Admin / Bans';
$focus_element = array('bans', 'new_ban_user');
require PUN_ROOT.'header.php';

generate_admin_menu('bans');

<div class="blockform">
	<h2><span>New ban</span></h2>
	<form id="bans" method="post" action="admin_bans.php?action=more">
		<legend>Add ban</legend>
		<div class="infldset">
			<table class="aligntop" cellspacing="0">
				<th scope="row">Username<div><input type="submit" name="add_ban" value=" Add " tabindex="2" /></div></th>
				<input type="text" name="new_ban_user" size="25" maxlength="25" tabindex="1" />
				<span>The username to ban (case insensitive). The next page will let you enter a custom IP and e-mail. If you just want to ban a specific IP/IP-range or e-mail just leave it blank.</span>

	<h2 class="block2"><span>Existing bans</span></h2>
	<div class="fakeform">

// List every ban, lowest id first.
// NOTE(review): in the rows below, username and message go through
// pun_htmlspecialchars() but email and ip are echoed raw. Rows written by stage 2 of
// this file have ip reduced to digits/dots/spaces and email validated, so this is
// safe only as long as nothing else writes to the bans table; escaping both makes
// the page independent of that assumption.
$result = $db->query('SELECT id, username, ip, email, message, expire FROM '.$db->prefix.'bans ORDER BY id') or error('Unable to fetch ban list', __FILE__, __LINE__, $db->error());
if ($db->num_rows($result))
	while ($cur_ban = $db->fetch_assoc($result))
		// Rendered expiry for the legend; what the second argument of format_time()
		// selects is defined in that helper, not visible here.
		$expire = format_time($cur_ban['expire'], true);

		<legend>Ban expires: <?php echo $expire ?></legend>
		<div class="infldset">
			<table cellspacing="0">
			<?php if ($cur_ban['username'] != ''): ?> <tr>
				<td><?php echo pun_htmlspecialchars($cur_ban['username']) ?></td>
			<?php endif; ?><?php if ($cur_ban['email'] != ''): ?> <tr>
				<td><?php echo $cur_ban['email'] ?></td>
			<?php endif; ?><?php if ($cur_ban['ip'] != ''): ?> <tr>
				<th>IP/IP-ranges</th>
				<td><?php echo $cur_ban['ip'] ?></td>
			<?php endif; ?><?php if ($cur_ban['message'] != ''): ?> <tr>
				<td><?php echo pun_htmlspecialchars($cur_ban['message']) ?></td>
			<?php endif; ?> </table>
			<p class="linkactions"><a href="admin_bans.php?edit_ban=<?php echo $cur_ban['id'] ?>">Edit</a> - <a href="admin_bans.php?del_ban=<?php echo $cur_ban['id'] ?>">Remove</a></p>

// Shown when the bans table is empty (the 'else' of the num_rows test is not in the listing).
echo "\t\t\t\t".'<p>No bans in list.</p>'."\n";

	<div class="clearer"></div>

require PUN_ROOT.'footer.php';